[tahoe-dev] question about sharing...

Brandon Meskimen brandon.meskimen at gmail.com
Wed Jun 1 11:02:38 PDT 2011


Yea i have the same question just worded different

{        Is it possilbe to modify the mutable and immutable files access
control to be more complex? Is it possible to give one person permission to
access the file but not others? Once that permission is given can you remove
it? Is it possible to have a more properties per file when it is uploaded
like who accessed it, i know it already has last modified.}

Very Respectfully,

Brandon


On Wed, Jun 1, 2011 at 1:52 PM, Greg Troxel <gdt at ir.bbn.com> wrote:

>
> toby cabot <toby at caboteria.org> writes:
>
> > I have a question about sharing files with other people and I can't
> > find the answer on the site but I hope this isn't a FAQ.  If I run my
> > own client with the web user interface, I imagine that I can share
> > files by simply giving someone a directory URL.  Could they then give
>
> You should be clear on the difference between a URL to the gateway, and
> a URI which is a capability within tahoe.  URIs get encoded in URLS, but
> I'm getting fuzzy because I decided to stop using the Web User Interface
> for other than checking server connectivity etc. (because putting
> secrets in URLS in modern browsers seems like a bad idea).
>
> > this URL to someone else, perhaps someone that I wouldn't want to see
> > the directory?  Is there an authentication component that I'm missing?
>
> Yes, they could.  What you are missing is
>
> 1) that this is a capability system, not an ACL system.
>
> 2) if you handed them a decryption key for normal data, they could grab
> and download the data.  They could then hand it out.
>
> Basically, if you don't trust people to keep things secret, you can't
> share with them.  This isn't about tahoe, or rather tahoe has no magic
> bullet for this.
>
> > If I give someone a URL to a directory can I later revoke that URL
> > somehow but still be able to access the directory myself?
>
> No.  But you can move the files in it to a new directory and hope the
> original directory gets garbage collected.
>
> But again, if they copied the data, you can't revoke that.
>
>
> It's interesting that this comes up in tahoe much more so than in otheer
> filesystems.  People don't seem to ask:
>
>  if I have a filesystem, and I let someone read a file, and then I
>  "chmod 700" it, how can I be sure they didn't keep a copy?  Isn't it a
>  bug that the filesystem doesn't enforce removing all their copies?
>
> about other filesystems.
>
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110601/7ed82fd8/attachment.html>


More information about the tahoe-dev mailing list